That probability is very small, unless it gets into phones....
-
We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.
Disabling Intel's Management Engine (ME)
Page 2 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.
That probability is very small, unless it gets into phones....
nopainnogain
Member
All modern Intel processors have this backdoor? I use a "business" Haswell (i7-4771).
nopainnogain
Member
Never mind, I found the information:
The Intel Management Engine (ME) is a separate computing environment physically located in the MCH chip or PCH chip replacing ICH.
The ME consists of an individual processor core, code and data caches, a timer, and a secure internal bus to which additional devices are connected, including a cryptography engine, internal ROM and RAM, memory controllers, and a direct memory access (DMA) engine to access the host operating system's memory as well as to reserve a region of protected external memory to supplement the ME's limited internal RAM. The ME also has network access with its own MAC address through the Intel Gigabit Ethernet Controller integrated in the southbridge (ICH or PCH).
The Intel Management Engine with its proprietary firmware has complete access to and control over the PC: it can power on or shut down the PC, read all open files, examine all running applications, track all keys pressed and mouse movements, and even capture or display images on the screen. And it has a network interface that is demonstrably insecure, which can allow an attacker on the network to inject rootkits that completely compromise the PC and can report to the attacker all activities performed on the PC. It is a threat to freedom, security, and privacy that can't be ignored.
ME firmware versions 6.0 and later, which are found on all systems with an Intel Core i3/i5/i7 CPU and a PCH, include "ME Ignition" firmware that performs some hardware initialization and power management. If the ME's boot ROM does not find in the SPI flash memory an ME firmware manifest with a valid Intel signature, the whole PC will shut down after 30 minutes.
Source: https://it.slashdot.org/comments.pl?sid=10717233&cid=54579757
The Intel Management Engine (ME) is a separate computing environment physically located in the MCH chip or PCH chip replacing ICH.
The ME consists of an individual processor core, code and data caches, a timer, and a secure internal bus to which additional devices are connected, including a cryptography engine, internal ROM and RAM, memory controllers, and a direct memory access (DMA) engine to access the host operating system's memory as well as to reserve a region of protected external memory to supplement the ME's limited internal RAM. The ME also has network access with its own MAC address through the Intel Gigabit Ethernet Controller integrated in the southbridge (ICH or PCH).
The Intel Management Engine with its proprietary firmware has complete access to and control over the PC: it can power on or shut down the PC, read all open files, examine all running applications, track all keys pressed and mouse movements, and even capture or display images on the screen. And it has a network interface that is demonstrably insecure, which can allow an attacker on the network to inject rootkits that completely compromise the PC and can report to the attacker all activities performed on the PC. It is a threat to freedom, security, and privacy that can't be ignored.
ME firmware versions 6.0 and later, which are found on all systems with an Intel Core i3/i5/i7 CPU and a PCH, include "ME Ignition" firmware that performs some hardware initialization and power management. If the ME's boot ROM does not find in the SPI flash memory an ME firmware manifest with a valid Intel signature, the whole PC will shut down after 30 minutes.
Source: https://it.slashdot.org/comments.pl?sid=10717233&cid=54579757
Ratman6161
Senior member
Its debatable that this is a "back door". Depends on how tightly your tin foil cap is on 🙂. Here is a tip: An easy way to find the specs on any Intel CPU is to do a google search on "ark" followed by your processor model. in your case that would be "ark i7-4771". This will get you a link directly to the spec sheet.
In the case of IME, look in the Advanced Technologies section on the line: Intel vPro technology. If it says "yes" then you have this feature. Interestingly if you had the i7-4770K then it would be "No" . The "K" CPU's don't have it...I'm assuming that's because they are aimed at consumers/DIY'ers rather than businesses where vPro is actually intended.
Interestingly i3's seem to be "NO" though I only checked the i3-7100 and 7300. Likewise with the Pentium G. Also "U" CPU's such as my Lenovo X1 with an i5-7200U. Not even all desktop non-K CPU's have it. I checked the i5-7400 and its a no. But the i5-7500 is a "yes".
Anyway, I'm now board with this so anyone who wants to see the specs on their particular CPU can look for themselves.
nopainnogain
Member
As I said, the i7-4771 is a "business model" processor.
I'm not concerned with the NSA (I mean, at an individual level), but with ramsonware and stuff like that. 🙂
I'm not concerned with the NSA (I mean, at an individual level), but with ramsonware and stuff like that. 🙂
cytg111
Lifer
K may not support vpro but it still has the ME enabled... or it wouldnt boot (iirc).
wilds
Platinum Member
I have read rumors about Nehalem being able to disable ME and still function. Is this true?
edit: These guys plan on selling Skylake laptops with ME disabled:
https://puri.sm/learn/intel-me/
edit: These guys plan on selling Skylake laptops with ME disabled:
https://puri.sm/learn/intel-me/
Last edited:
coercitiv
Diamond Member
kjboughton
Senior member
I disagree, the i3/i5/i7 series are a Consumer line of processors. "Business" (or enterprise) series would be Xeon E3/E5/E7 or the newest Xeon Scalable Processor series.
kjboughton
Senior member
I have done this modification to the BIOS for my ASUS Z10PE-D8 WS.... boots, runs, everything functional... see changes in thread linked below
Xref What controls Turbo Core in Xeons?
Xref What controls Turbo Core in Xeons?
Last edited:
nopainnogain
Member
Think again. No "consumer" would need a resource like vPro, and not every business needs a Xeon cluster.
Intel® vPro™ Technology
kjboughton
Senior member
Strawman... I never said Xeon cluster. There are plenty of single-CPU Xeon systems intended for professional use.
Looking forward to the talk, and possible BIOS updates to fix this.
BRB, I'll go take a sledgehammer to that G4560 rig I built at the start of the year.
Last edited:
nopainnogain
Member
Pointless remark. As a matter of fact, I'm not interested in what you have to say. I already have provided a link that proves my point. Bye.
kjboughton
Senior member
Well then; please allow me retort...
https://www.anandtech.com/show/11775/intel-launches-xeon-w-cpus-for-workstations
With this announcement, Intel also gave the image that now consumer and professional platforms were separate: no longer were Xeons welcome in consumer sockets. However as it turns out, this would not quite be the case.
Today Intel is taking the wraps off of their new Xeon-W family of processors, which will be their new brand for workstation-class processors. With the Xeon-W announcement today, Intel is bridging the gap between servers and consumer processors (in name at least) with a direct replacement for the old E5-1600 series, which will see Skylake-SP Xeons come to the LGA2066 socket with additional professional-level features in tow.
.....
With a complete division between consumer and enterprise, there was no way to bring features such as ECC and vPro down into more consumer friendly environments.
TL;DR
"Consumer" means i3/i5/i7
Professional/Business/Enterprise is Xeon
maybe you should take this up with Ian Cutress, current MB Editor for Anandtech
https://www.anandtech.com/show/11775/intel-launches-xeon-w-cpus-for-workstations
With this announcement, Intel also gave the image that now consumer and professional platforms were separate: no longer were Xeons welcome in consumer sockets. However as it turns out, this would not quite be the case.
Today Intel is taking the wraps off of their new Xeon-W family of processors, which will be their new brand for workstation-class processors. With the Xeon-W announcement today, Intel is bridging the gap between servers and consumer processors (in name at least) with a direct replacement for the old E5-1600 series, which will see Skylake-SP Xeons come to the LGA2066 socket with additional professional-level features in tow.
.....
With a complete division between consumer and enterprise, there was no way to bring features such as ECC and vPro down into more consumer friendly environments.
TL;DR
"Consumer" means i3/i5/i7
Professional/Business/Enterprise is Xeon
maybe you should take this up with Ian Cutress, current MB Editor for Anandtech
Last edited:
Just want to point out that ME or basically the ME functionality exists on all CPU's since Sandybridge. The difference is only in Vpro technology may or may not be disabled based on the chip you got. But much like PSP on Ryzen being on even if you didn't get a Ryzen Pro system, you have ME on even if Vpro isn't a feature of your chip.
nopainnogain
Member
Science-fiction. A decision taken by Intel a few weeks ago does not modify (and could not modify) the characteristics of a processor (i7-4771) launched in Q3-2013.
Anyway, have you read what you wrote? If Intel is willing to separate "consumer and professional platforms", it's (obviously) because they were not clearly separated in the past (and are still not separated now).
Ask Ian Cutress if you have any doubt.
Anyway, have you read what you wrote? If Intel is willing to separate "consumer and professional platforms", it's (obviously) because they were not clearly separated in the past (and are still not separated now).
Ask Ian Cutress if you have any doubt.
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes + WCL Discussion Threads
- Started by Tigerick
- Replies: 24K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 24K
-
-
